I like this list because it covers automated machine-based collection—internal data, honeypots, and IOC feeds—and analyst-based, human collection: vendor reports and sharing communities. Analysts have to critically read and process reports and must dedicate time to developing external relationships, building trust. These tasks cannot be automated.

Similar to these “analyst-based” sources (which I suppose we could call, but which I’ll refrain from calling, HUMINT), I would add an additional source: internal IT and IT security staff.